Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Recruiter Assistant (Shenzhen)

v1.0.0

A professional recruitment workflow assistant. Evaluates resumes against dynamic requirements and AI proficiency, provides critical Pros/Cons analysis, and p...

0· 436·2 current·2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Overall purpose (resume screening, question generation, interview summarization, Shenzhen salary benchmarking) matches the included scripts and reference data. However the metadata declares no required binaries while the scripts call an external tool (pdftotext) — an inconsistency between declared requirements and actual behavior.
Instruction Scope
Runtime instructions and scripts print full resume contents to stdout for the agent to evaluate, which exposes candidate PII to whatever captures that output (logs, transcripts, the agent context). Multiple scripts build shell commands by concatenating unescaped filenames into execSync calls (pdftotext and node invocations); because the shell parses the resulting string, a filename containing metacharacters such as `;`, `|`, `$( )` or backticks runs additional commands. Candidate-supplied resume filenames are exactly this kind of attacker-controlled input. SKILL.md expects summaries to be sent to HR via a 'message' tool, but the code does not implement that, and process_incoming.js accepts a docToken parameter that is never used. Together these suggest an incomplete integration with unclear handling of credentials and tokens.
Install Mechanism
No install spec (instruction-only) — low install risk. But the scripts rely on an external binary 'pdftotext' which is not declared under required binaries; the lack of declared dependency is an incoherence the integrator must fix.
Credentials
No environment variables or credentials are declared, which aligns with instruction-only operation. However process_incoming.js accepts a docToken argument (unused) and SKILL.md expects use of a 'message' tool for HR notification—these imply external integration/credentials that are not declared or explained.
Persistence & Privilege
The skill is not always-enabled and requests no persistent privileges or system-wide configuration changes. It does read/write temporary files (e.g., /tmp/*.txt) and writes per-candidate output documents, which is expected for its purpose.
What to consider before installing
This skill mostly does what its description says, but don't install it blindly. Before using:
(1) Confirm and declare the required binary (pdftotext) in the skill metadata and make sure it comes from a trusted package (on Debian/Ubuntu it ships in poppler-utils).
(2) Treat all candidate files as sensitive PII: run the skill in a sandbox, keep resume text out of persistent logs, and limit where output documents can be written.
(3) Fix or audit the shell calls. The scripts concatenate user-controlled filenames into execSync strings; replace them with execFileSync or spawn and an argument array, which passes the filename as a single literal argument with no shell in between. Sanitizing the string is a weaker fallback, not a substitute.
(4) Clarify the external integrations. SKILL.md asks the agent to message HR, and process_incoming.js accepts a docToken, but no credentials or message-call code are provided; decide how messaging and authentication are handled and declare the required environment variables.
(5) Test with synthetic resumes before touching real ones.
If you cannot validate or fix the above, treat this skill as suspicious and do not run it on real candidate data.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97f1awt5y0wqnv08w2e13e8y181xbb4

